Customer case

If insurance improves DORA compliance with ServiceNow

The challenge

Ensuring compliance and cyber resilience

Cybersecurity and data protection are critical for insurance and financial institutions. For If Insurance, adhering to new EU regulations such as DORA required a structured, transparent, and fully documented process for assessing application security.

The company needed a centralized way to manage and document all security testing activities — ensuring that findings, follow-ups, and repairs were visible to all relevant teams and aligned with compliance requirements.

Structured and centralized process

If Insurance needed a more structured way to handle security testing across hundreds of business applications.
With The Cloud People’s help, a centralized process was designed in ServiceNow to manage requests, track testing, and ensure every step of the security assessment was fully documented and compliant with DORA regulations.

Custom Workflows and Dashboards

The Cloud People built tailored workflows, forms, and dashboards on top of the ServiceNow platform.
Application owners can now easily request security assessments through the portal, while the security team performs penetration tests, logs findings, and monitors progress — all in one place, with full visibility for all stakeholders.

Real-time insights and automation

The new solution provides real-time dashboards showing vulnerabilities, repair deadlines, and compliance status.
Automated tracking reduces manual work and enables management to monitor cybersecurity risks instantly. This transparency and automation strengthen If Insurance’s resilience and support ongoing regulatory compliance.

The outcome

A custom security assessment built on ServiceNow

If insurance wanted a structured approach for the security assessment utilizing ServiceNow, where documentation and visual insights for all stakeholders were imperative. The goal was to make a solution where IT Management, the security team and the test team had a complete overview of the security assessment process, a place to document their findings and ensure the conclusions of their tests were properly followed up on. Therefore, to help build such a solution in ServiceNow, If insurance reached out to The Cloud People for advice and support.

The custom built security assessment process with dashboards on top of the ServiceNow platform has given If insurance various benefits such as:

Improved compliance with Digital Operational Resilience Act (DORA) chapter 4.
Overall better cyber security.
Less risk of data breaches and loss of critical data and information.
Documentation of the process and work done around security assessment.
Less manual work.
Real-time visual status on the security assessment for each application tested for management and all stakeholders.

The security assessment solution based on ServiceNow makes it easy for If’s security personnel to prioritize the most critical tasks. Now, If insurance has a structured process and can report to management and stakeholders on the progress through real-time updated dashboards. At the same time, the security assessment is documented.